Trust and Reputation for Critical Infrastructure Protection

Tese de doutoramento em Engenharia Informática, apresentada ao Departamento de Engenharia Informática da Faculdade de Ciências e Tecnologia da Universidade de CoimbraAtualmente a sociedade contemporânea tem ao seu dispor um sem numero de serviços que suportam toda a economia globalizada em que vivemos bem como o nosso modo de vida. Serviços como distribuição de energia, água, gás, redes de transportes, telecomunicações, a Internet, entre outros, são atualmente parte integrante da vida dos cidadãos e das empresas. Estes serviços estão de tal forma presentes nas nossas vidas que a sua relevância e o grau de dependência aos serviços, apenas é sentido aquando da sua indisponibilidade. Este tipo de serviço dos quais depende o nosso modo de vida, são fornecidos por infraestruturas críticas, assim referidas pois a sua falha ou quebra da qualidade do serviço prestado pode ter um grande impacto na sociedade ou economia de um País. Para além dos fenómenos da natureza e dos riscos inerentes à sua própria exploração, os riscos que estas infraestruturas correm têm vindo a aumentar ao atrair cada vez mais o interesse de grupos de hackers e terroristas, principalmente pela forte visibilidade e consequências que mesmo um pequeno ataque pode acarretar. De entre os problemas inerentes ao funcionamento das infraestruturas críticas destaca-se o fato da existência de dependências ou interdependências entre infraestruturas. Veja-se o exemplo do serviço de telecomunicações que está por natureza dependente do fornecimento de energia elétrica ou dos serviços bancários que estão dependentes de ambos. Mas não está atualmente o fornecimento de energia dependente dos serviços de telecomunicações e dos seus sistemas de informação? Destes exemplos torna-se visível que, para além da (inter)dependência que possa existir, é necessário analisar também os efeitos em cascata que podem surgir após a falha de uma infraestrutura. Com o objetivo de promover a segurança em infraestruturas críticas, vários governos, em conjunto com a comunidade científica, promovem esforços de investigação nesta área. Em particular, nas áreas da distribuição de energia e das telecomunicações. Ao nível da União Europeia, existe grande determinação para promover projetos nesta área, em particular, projetos que promovem a troca de informação entre infraestruturas, na forma de alertas de risco, prevenindo os Operadores das infraestruturas relativamente a um aumento de risco de perda ou quebra de qualidade do serviço fornecido. Esta troca permite que as infraestruturas possam aplicar atempadamente os seus planos de contingência ou recuperação, minimizando eventuais quebras de serviço e consequentemente reduzindo o indesejado efeito de falha em cascata. A motivação para o trabalho apresentado nesta tese, surgiu da identificação dos principais aspectos em aberto relativos à troca e gestão de alertas de risco entre infraestruturas críticas. Muitas das abordagens existentes relativas à segurança em infraestruturas críticas focam-se na obtenção de níveis de risco através do uso de modelos mais ou menos complexos das infraestruturas. Apesar de estes modelos permitirem uma base sólida para a monitorização do risco, não apresentam mecanismos para a sua troca, gestão e avaliação de qualidade. Este trabalho aborda o problema relacionado com a confiança, reputação e gestão de alertas de risco no seio das infraestruturas críticas. Nesse sentido é proposta a introdução de mecanismos que permitam gerir e aferir em cada instante, o grau de confiança atribuído a cada um dos alertas de risco recebidos ou calculados internamente, permitindo melhorar a sua precisão e consequentemente melhorar também a resiliência da infraestrutura critica quando confrontada com alertas de riscos imprecisos ou inconsistentes. Na tese é abordado o problema da segurança em infraestruturas críticas interdependentes e identificados os principais problemas inerentes à troca de informação de risco, em particular, a forma de efetuar a partilha de informação de uma forma segura, a gestão dessa mesma partilha e a avaliação da fiabilidade da informação envolvida na partilha. Propõe-se nesta tese, a aplicação de mecanismos de gestão baseados no paradigma de gestão por politicas para a gestão da partilha de alertas de risco entre infraestruturas críticas. Com o objetivo de melhorar a gestão da partilha e posterior interpretação dos alertas de risco, é proposta a introdução da análise de confiança e reputação na avaliação da fiabilidade da informação envolvida na partilha e na avaliação do comportamento das entidades envolvidas. As propostas apresentadas nesta tese são discutidas e aplicadas no âmbito do projeto Europeu MICIE (Tool for systemic risk analysis and secure mediation of data exchanged across linked CI information infrastructures), em particular, no que se refere à solução proposta para a gestão da partilha de alertas de risco, que em conjunto com os indicadores de confiança e reputação propostos, permitem melhorar a proteção de cada infraestrutura relativamente ao uso de informação menos confiável ou inconsistente. Apresenta-se também a adaptação dos conceitos propostos ao CI Security Model, um modelo de análise de risco em tempo real, no qual as falhas identificadas são atenuadas com a introdução da análise de confiança e reputação proposta nesta tese. Os resultados da avaliação das propostas apresentadas são discutidos com base em cenários de simulação bem como através de dados reais de uma infraestrutura crítica. Os resultados obtidos indicam que as propostas apresentadas satisfazem os objectivos definidos, nomeadamente, ao contribuir para o aumento da confiança que uma infraestrutura crítica tem relativamente à informação recebida em tempo real acerca dos serviços dos quais depende, ao permitir uma melhor gestão dessa mesma informação e também ao contribuir para o aumento da fiabilidade dos resultados provenientes dos modelos de risco em uso na infraestrutura.Currently, our society has at its disposal an uncountable number of services able to support the global economy and also our current way of life. Services such as power distribution, water, gas, transport networks, telecommunications, the Internet, among others, are now an integral part of the citizens' lives and businesses. These services play such a big role in our lives that their importance is only appreciated when they are unavailable. These types of services, that our lives so heavily depend on, are provided by Critical Infrastructures. They are referred to as ``Critical" due to the fact that in case of failure or breakdown in providing quality of service, the impact on society and the economy of a country can be enormous. Beyond the phenomena of nature and risks inherent to the infrastructure operation, the risks faced by these infrastructures have continuously increasing, by attracting interest from groups of hackers and terrorist groups. Primarily due to the strong visibility and consequences that may result even from a small successful attack. Among the problems inherent to the operation of Critical Infrastructures, it is possible to emphasise the existence of dependencies and interdependencies among infrastructures. For example, a telecommunications service is inherently dependent on the electricity supply or, for instance, banking services are dependent on both telecommunications and energy supply services. However, is it not the service that provides power supply actually dependent on telecommunications services and also on information systems? Based on these examples it becomes apparent that in addition to the (inter)dependence that may exist, it is also necessary to examine the cascading effects that may arise after the failure of a Critical Infrastructure. Critical Infrastructures security has been the subject of discussion by numerous governments with the support of the academia by promoting research efforts in these areas, in particular in areas such as power distribution and telecommunications. Furthermore, within the European Union, there is determination to promote projects in these areas, in particular the promotion of projects that foster the exchange of information, in the form of warnings, among infrastructures. These warnings allow the Critical Infrastructure to be informed and aware of the increasing risk of loss or reduction in quality of the service received. This exchange allows the infrastructure to timely implement their contingency and recovery plans to minimise any service breaks and consequently minimise the unwanted effect of a cascading failure. The motivation for the work presented in this thesis arose from the identification of the main open issues relating to the exchange and management of risk warnings among Critical Infrastructures. Many of the existing approaches to security in Critical Infrastructures are focused on obtaining risk levels through the use of models based on the infrastructure. Although these models allow a solid foundation for risk monitoring, they do not have mechanisms for exchange, management and assessment of its quality. This work addresses the problem related to trust, reputation and risk alerts management within Critical Infrastructures. Accordingly, it is proposed to introduce mechanisms to manage and measure at each instant, the degree of confidence assigned to each of the alerts received or computed internally. Allowing improvement of their accuracy and consequently improving the resilience of Critical Infrastructures when faced with inaccurate or inconsistent risk alerts. This thesis addresses the problem of interdependent Critical Infrastructure security and identifies the main problems related to risk information sharing. In particular, how to allow information sharing in a secure manner, the management of that sharing and how to assess the reliability of such information. This thesis proposes the application of Policy Based Management mechanisms for the management of the risk alert information shared among Critical Infrastructures. In order to improve the information sharing management and the further interpretation of the risk alerts, it is proposed to evaluate Trust and Reputation in order to assess the shared information and also to consider the behaviour of the entities involved. The proposals presented in this thesis are discussed and applied in the context of the European Project MICIE ({Tool for systemic risk analysis and secure mediation of data exchanged across linked CI information infrastructures). In particular with regard to the proposed solution for the management of shared risk alerts, which uses the Policy Based Management paradigm. By incorporating the proposed Trust and Reputation indicators it allows to improve the Critical Infrastructure protection considering the use of untrustworthy or inconsistent information. It is also proposed the adaptation of the presented concepts to the CI Security Model, a model for real time risk analysis evaluation, in which the identified shortcomings are addressed with the integration of the Trust and Reputation approach proposed in this thesis. The results of the proposals evaluation are discussed based on simulation scenarios as well as through real data of a Critical Infrastructure. The achieved results indicate that the proposed mechanisms meet the objectives such as, by contributing to the increase in confidence that a Critical Infrastructure has on the information received about the services on which it depends. To allow improvement in management of such information as well as contribution to increased reliability of results obtained from the risk models applied to the infrastructure.FCT - (SFRH BD/35772/2007

Understanding citizen science and environmental monitoring: final report on behalf of UK Environmental Observation Framework

Citizen science can broadly be defined as the involvement of volunteers in science. Over the past decade there has been a rapid increase in the number of citizen science initiatives. The breadth of environmental-based citizen science is immense. Citizen scientists have surveyed for and monitored a broad range of taxa, and also contributed data on weather and habitats reflecting an increase in engagement with a diverse range of observational science. Citizen science has taken many varied approaches from citizen-led (co-created) projects with local community groups to, more commonly, scientist-led mass participation initiatives that are open to all sectors of society. Citizen science provides an indispensable means of combining environmental research with environmental education and wildlife recording. Here we provide a synthesis of extant citizen science projects using a novel cross-cutting approach to objectively assess understanding of citizen science and environmental monitoring including: 1. Brief overview of knowledge on the motivations of volunteers. 2. Semi-systematic review of environmental citizen science projects in order to understand the variety of extant citizen science projects. 3. Collation of detailed case studies on a selection of projects to complement the semi-systematic review. 4. Structured interviews with users of citizen science and environmental monitoring data focussing on policy, in order to more fully understand how citizen science can fit into policy needs. 5. Review of technology in citizen science and an exploration of future opportunities

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Evaluating Information Assurance Control Effectiveness on an Air Force Supervisory Control and Data Acquisition (SCADA) System

Supervisory Control and Data Acquisition (SCADA) systems are increasingly being connected to corporate networks which has dramatically expanded their attack surface to remote cyber attack. Adversaries are targeting these systems with increasing frequency and sophistication. This thesis seeks to answer the research question addressing which Information Assurance (IA) controls are most significant for network defenders and SCADA system managers/operators to focus on in order to increase the security of critical infrastructure systems against a Stuxnet-like cyber attack. This research applies the National Institute of Science and Technology (NIST) IA controls to an attack tree modeled on a remote Stuxnet-like cyber attack against the WPAFB fuels operation. The probability of adversary success of specific attack scenarios is developed via the attack tree. Then an impact assessment is obtained via a survey of WPAFB fuels operation subject matter experts (SMEs). The probabilities of adversary success and impact analysis are used to create a Risk Level matrix, which is analyzed to identify recommended IA controls. The culmination of this research identified 14 IA controls associated with mitigating an adversary from gaining remote access and deploying an exploit as the most influential for SCADA managers, operators and network defenders to focus on in order to maximize system security against a Stuxnet-like remote cyber attack

Trust and Reputation for Critical Infrastructure Protection

Today’s critical infrastructures (CIs) depend on information and communication technologies (ICTs) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs were cascading effects might occur because of the interdependencies that exist among different CIs. Among the problems inherent to the operation of Critical Infrastructures, it is possible to emphasise the existence of dependencies and interdependencies among infrastructures. For example, a telecommunications service is inherently dependent on the electricity supply or, for instance, banking services are dependent on both telecommunications and energy supply services. Many of the existing approaches to security in Critical Infrastructures are focused on obtaining risk levels through the use of models based on the infrastructure. Although these models allow a solid foundation for risk monitoring, they do not have mechanisms for exchange, management and assessment of its quality. This presentation addresses the problems related to trust, reputation and risk alerts management within Critical Infrastructures. Accordingly, it is described how to introduce mechanisms to manage and measure at each instant, the degree of confidence assigned to each of the alerts received or computed internally. Allowing improvement of their accuracy and consequently improving the resilience of Critical Infrastructures when faced with inaccurate or inconsistent risk alerts. The lecture’s main goals are to address the problems related to interdependent Critical Infrastructure security and to identify the main problems related to risk information sharing. In particular, how to allow information sharing in a secure manner, the management of that sharing and how to assess the reliability of such information. The European Project MICIE is presented in order to contextualise the presented work. The application of Policy Based Management mechanisms for the management of the risk alert information shared among Critical Infrastructures is described. In order to improve the information sharing management and the further interpretation of the risk alerts, it is described how to evaluate Trust and Reputation in order to assess the shared information and also to consider the behaviour of the entities involved. Selected application scenarios for the presented approaches will be discussed. In particular the integration of those approaches within the MICIE Project and also the integration of the trust and reputation indicators within the CI security Model

Generating citizen trust in e-government using a trust verification agent: A research note

Generating Citizen Trust in e-Government using a Trust Verification AgentThis is an eGISE network paper. It is motivated by a concern about the extent to which trust issues inhibit a citizen’s take-up of online public sector services or engagement with public decision and policy making. A citizen’s decision to use online systems is influenced by their willingness to trust the environment and agency involved. This project addresses one aspect of individual “trust” decisions by providing support for citizens trying to evaluate the implications of the security infrastructure provided by the agency. Based on studies of the way both groups (citizens and agencies) express their concerns and concepts in the security area, the project will develop a software tool – a trust verification agent (TVA) - that can take an agency’s security statements (or security audit) and infer how effectively this meets the security concerns of a particular citizen. This will enable citizens to state their concerns and obtain an evaluation of the agency’s provision in appropriate “citizen friendly” language. Further, by employing rule-based expert systems techniques the TVA will also be able to explain its evaluation.Engineering and Physical Sciences Research Council, UK (grant GR/T27020/01

Generating citizen trust in e-government using a trust verification agent: A research note

Generating Citizen Trust in e-Government using a Trust Verification AgentThis is an eGISE network paper. It is motivated by a concern about the extent to which trust issues inhibit a citizen’s take-up of online public sector services or engagement with public decision and policy making. A citizen’s decision to use online systems is influenced by their willingness to trust the environment and agency involved. This project addresses one aspect of individual “trust” decisions by providing support for citizens trying to evaluate the implications of the security infrastructure provided by the agency. Based on studies of the way both groups (citizens and agencies) express their concerns and concepts in the security area, the project will develop a software tool – a trust verification agent (TVA) - that can take an agency’s security statements (or security audit) and infer how effectively this meets the security concerns of a particular citizen. This will enable citizens to state their concerns and obtain an evaluation of the agency’s provision in appropriate “citizen friendly” language. Further, by employing rule-based expert systems techniques the TVA will also be able to explain its evaluation.Engineering and Physical Sciences Research Council-UK (grant GR/T27020/01

Refinement and standardization of storage procedures for clonal crops. Global Public Goods Phase 2: Part 1. Project landscape and general status of clonal crop in vitro conservation technologies

Among the collective actions of the World Bank-funded Global Public Goods Phase II Project (GPG2), the following collaborative activity: “Refinement and standardization of storage procedures for clonal crops” was given to the CGIAR’s In Vitro Genebanks, represented by the Clonal Crop Task Force (CCTF) composed of genetic resources research staff from the four centres: Bioversity International, CIAT, CIP and IITA. These hold the in trust collections of Musa, cassava, potato, sweetpotato, yam and Andean root and tuber crops (ARTCs). The overarching aims of this activity were to: (1) review the status of vitro conservation in the context of the GPG2 project with an emphasis on the mandated clonal crops; (2) survey the facilities, storage protocols and practices of CGIAR’s clonal crop genebanks; (3) collate and review this information with a view to developing quality and risk management systems to support the production and validation of multi-crop best practice guidelines. Outputs from this activity are designated as a three part ‘trilogy’: Part I, entitled “Project landscape and general status of clonal crop in vitro conservation technologies” introduces the GPG2 project within the CGIAR landscape and overviews the status of in vitro plant conservation in the wider conservation community of practice. This part describes the role of risk and quality management for the effective maintenance of in vitro genebanks in the context of research and the development and validation of best practices